In an era where smartphones buzz incessantly with notifications, few things irk users more than unsolicited spam texts. Cash App, the popular peer-to-peer payment service owned by Block, Inc., found itself at the center of such irritation. What began as a clever “Invite Friends” referral program—offering $5 bonuses for new sign-ups—morphed into a flood of unwanted messages for thousands of Washington state residents. By mid-2025, this led to a landmark $12.5 million class action settlement, highlighting the razor-thin line between innovative marketing and invasive spam. As of November 2025, the case underscores the evolving battle over consumer privacy in digital finance.
The Referral Program Gone Awry
Launched to boost user growth, Cash App’s Invite Friends feature allowed existing users to share referral codes via text, automatically pulling contacts from phone books. A typical message read: “Hey! I’ve been using Cash App to send money and spend using the Cash Card. Try it using my code and you’ll get $5. FVRJ1PH https://cash.app/app/FVRJ1PH.” While innocuous for some, recipients who hadn’t consented—many non-users—found these texts intrusive and relentless.
From November 14, 2019, to August 7, 2025, nearly 2 million phone numbers with Washington area codes received such messages. Plaintiffs argued this wasn’t just poor etiquette; it violated state laws designed to curb commercial spam. The program’s ease of use, they claimed, enabled widespread abuse, turning users into unwitting spammers.
Filing Suit: Allegations of Legal Overreach
The spark ignited in November 2023 when Washington resident Kimberly Bottoms filed Bottoms v. Block, Inc. (Case No. 2:23-cv-01969-MJP) in King County Superior Court, later moved to the U.S. District Court for the Western District of Washington. Bottoms alleged she endured “annoying and harassing” texts despite never requesting them, describing the barrage as a “nuisance” that cluttered her inbox.
Represented by firms like Terrell Marshall Law Group PLLC and Berger Montague PC, the suit accused Block of breaching the Washington Commercial Electronic Mail Act (CEMA) and the Washington Consumer Protection Act (CPA). Under CEMA, companies can’t send or “substantially assist” in transmitting unsolicited commercial texts without prior consent. Unlike the federal Telephone Consumer Protection Act (TCPA), which focuses on automated calls, CEMA extends liability to facilitators—key here, as Block provided the tools but didn’t directly send the texts.
Washington Attorney General Nick Ferguson intervened in December 2023 to defend the laws’ constitutionality after Block challenged them as overbroad. Bottoms sought statutory damages up to $500 per violation, potentially totaling millions.
Core Allegations:
- Facilitating non-consensual spam through app design
- No opt-out mechanism for recipients
- Violation of privacy rights under state consumer laws
Court Battles: Motions, Interventions, and a Path to Settlement
Block mounted a vigorous defense, filing a May 2024 motion to dismiss, arguing it offered no “substantial assistance” and that Bottoms failed to prove knowledge of violations. The company invoked TCPA standards, claiming CEMA didn’t apply to texts. U.S. District Judge Marsha J. Pechman rejected this in July 2024, ruling TCPA irrelevant and affirming CEMA’s broader reach to enablers.
Discovery revealed Block’s internal awareness of spam complaints, bolstering plaintiffs’ case. Amid escalating costs, the parties negotiated. On June 30, 2025, they announced a proposed $12.5 million settlement—preliminarily approved July 29, 2025—without Block admitting wrongdoing. “This resolves the matter efficiently while allowing us to focus on user experience,” a Block spokesperson stated.
The agreement covers Washington residents who received qualifying texts without affirmative consent. Exclusions apply to Block employees, their families, and those who opt out.
Settlement Breakdown: Who Qualifies and How Much?
The $12.5 million fund allocates pro rata payments to claimants, estimated at $88 to $147 each, depending on valid submissions. Funds also cover administration (via EisnerAmper), attorneys’ fees (up to 33%), and a $5,000 service award to Bottoms.
Eligibility Criteria:
- Received a Cash App referral text between November 14, 2019, and August 7, 2025
- Resided in Washington at receipt
- No prior clear consent (e.g., not from a requested transaction)
Claims required phone numbers matching Block’s records, submitted online or by mail to Bottoms v. Block Settlement Administrator, P.O. Box 2631, Baton Rouge, LA 70821. The deadline was October 27, 2025—now passed. Opt-out or objection periods ended the same day.
As of November 5, 2025, the settlement administrator reported strong participation, though exact figures await final tally. Payments, via check, direct deposit, or Venmo, are slated for early 2026 post-final approval.
Final Approval on the Horizon: A December Hearing
A fairness hearing is set for December 2, 2025, before Judge John C. Coughenour (reassigned in September). Plaintiffs’ counsel Jennifer Rust Murray hailed it as “favorable compared to similar telemarketing cases,” citing unique litigation risks. Block maintains compliance with all laws, viewing the settlement as a pragmatic close.
If approved, this ends the suit; appeals could delay payouts. The case’s outcome may influence how apps handle referrals nationwide, potentially tightening consent rules under state analogs to TCPA.
Broader Ramifications: Privacy in the Fintech Era
This settlement isn’t Block’s first brush with regulators. In January 2025, it paid $255 million to the CFPB and states for lax oversight of Cash App transactions. A separate $15 million deal in 2024 addressed unauthorized data access by employees. Collectively, these expose vulnerabilities in fintech’s rapid growth.
For consumers, it reinforces rights under laws like TCPA and CEMA: Companies must secure explicit opt-in for marketing, and violations carry steep penalties. Referral programs, once growth hacks, now demand robust safeguards—perhaps mandatory recipient previews or contact verification.
Lessons for Users and Companies Alike
Spam texts erode trust, one ping at a time. Users should report violations to the FCC or state AGs and use apps’ block features. For businesses, the takeaway is clear: Innovation can’t trump consent. Implement granular permissions, audit referral tools, and prioritize do-not-disturb lists.
As Cash App boasts over 50 million users, this saga reminds us that behind every app is a web of legal strings. For the spammed in Washington, relief is near—a small win in the fight for quieter inboxes.
